revisiting tesla in the quantum random oracle model
play

Revisiting TESLA in the quantum random oracle model Selected - PowerPoint PPT Presentation

Feb 28, 2023 •1.13k likes •1.6k views

Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style signatures from LWE or SIS Lyubashevsky 2012 Sigs via Fiat-Shamir Bai-Galbraith BLISS 2013 Short sigs Optimized DBGGOPSS 2014 Improvements,

  1. Revisiting TESLA in the quantum random oracle model

  2. Selected history of Fiat-Shamir— style signatures from LWE or SIS Lyubashevsky 2012 Sigs via Fiat-Shamir Bai-Galbraith BLISS 2013 Short sigs Optimized DBGGOPSS 2014 Improvements, fast implementation TESLA 2015 Tight security reduction, fast implementation ring-TESLA Now with rings, fast implementation 2016 TESLA# Improvements, fast implementation

  3. Selected history of Fiat-Shamir— style signatures from LWE or SIS Lyubashevsky 2012 Sigs via Fiat-Shamir Bai-Galbraith BLISS 2013 Short sigs Optimized DBGGOPSS 2014 Improvements, fast implementation TESLA This talk 2015 Tight security reduction, fast implementation ring-TESLA Now with rings, fast implementation 2016 TESLA# Improvements, fast implementation

  4. Preamble

  5. Given a forger... Sign Forger

  6. ...construct a P-solver Forger

  7. Parameter choice should account for the security reduction

  8. Tightness

  9. The quantum random oracle model (QROM) Hash

  10. When does ROM imply QROM? Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry

  11. Prior work on TESLA Lyubashevsky Sigs via Fiat-Shamir Bai-Galbraith BLISS Short sigs Optimized Reduction from LWE, SIS. DBGGOPSS Proof uses Forking Lemma. Improvements, fast implementation Non-tight, re-programming. ROM but not QROM. TESLA Tight security reduction, fast implementation ring-TESLA Reduction from LWE only. Now with rings, fast implementation Tight reduction in ROM. QROM via chameleon TESLA# hash functions. Improvements, fast implementation

  12. Our contributions (theoretical)

  13. Our contributions (practical)

  14. Summary of related work Katz, Wang Abdalla, Fouque, Lyubashevsky, Tibouchi Gentry, Peikert, Vaikuntanathan Boyen, Li

  15. “Lattice-based” crypto

  16. “Lattice-based” crypto

  17. Learning with Errors (LWE) (matrix version)

  18. TESLA key generation Pk: LWE yes-instance Sk: witness

  19. TESLA sign Zero-knowledge proof (S,E) + Fiat-Shamir

  20. TESLA sign: terminology

  21. TESLA verify

  22. Security theorem for TESLA

  23. Security theorem for TESLA Tightness: Scaling factor 1.

  24. Proof overview Sign Hash Forger

  25. Simulator Sign Hash classical quantum Simulator classical quantum

  26. Forger forges, even with a simulator Simulator Forger

  27. Forger + Simulator = LWE solver Simulator Forger

  28. Forger + Simulator = LWE solver

  29. Yes-instances: Signature simulator

  30. Yes-instances: Signature simulator Re-program a quantum oracle!

  31. Re-programming in TESLA

  32. No-instances: Good hash inputs

  33. Search through unstructured space

  34. Good hash inputs are rare

  35. Parameter sets

  36. Parameter sets

  37. Software

  39. Global A matrix?

  40. Proof approach Abdalla, Fouque, Lyubashevsky, Tibouchi

  41. Other tightly-secure LWE or SIS signatures (move to the end?)

  42. Comparison: LWE/SIS schemes

  43. Comparison: hash-based schemes

Recommend

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford University Random Oracle Model (ROM) Sometimes, we cant prove a scheme secure in the standard model. Instead, model a hash function as a

509 views • 38 slides
IND-CCA-secure Key Encapsulation Mechanism in the Quantum Random Oracle Model, Revisited Haodong

IND-CCA-secure Key Encapsulation Mechanism in the Quantum Random Oracle Model, Revisited Haodong

IND-CCA-secure Key Encapsulation Mechanism in the Quantum Random Oracle Model, Revisited Haodong Jiang , Zhenfeng Zhang , Long Chen , Hong Wang Zhi Ma Chinese State Key Laboratory of Mathematical Engineering and

577 views • 46 slides
Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo /AIST) *Pronounced as Shu ichi Katsumata (The University of Tokyo /AIST) Shota Yamada Takashi Yamakawa (AIST) (NTT) 1 Post Quantum Cryptography

1.22k views • 86 slides
How Risky is the Random-Oracle Model? Gatan Leurent and Phong Nguy n & & France

How Risky is the Random-Oracle Model? Gatan Leurent and Phong Nguy n & & France

How Risky is the Random-Oracle Model? Gatan Leurent and Phong Nguy n & & France Aug. 19, 2009 Full version on http:/ / eprint.iacr.org/2008/ 441 Summary The Random-Oracle Model (ROM) Random-Oracle Instantiations Robustness

789 views • 48 slides
A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model EUROCRYPT 2018

A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model EUROCRYPT 2018

A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model EUROCRYPT 2018 Eike Kiltz , Vadim Lyubashevsky, Christian Schaffner Classical Signature Schemes Full Domain Hash Trapdoor function Signature Scheme Fiat-Shamir

268 views • 26 slides
Security of the Fiat-Shamir Transformation in the Quantum Random Oracle Model Serge Fehr Chris

Security of the Fiat-Shamir Transformation in the Quantum Random Oracle Model Serge Fehr Chris

Security of the Fiat-Shamir Transformation in the Quantum Random Oracle Model Serge Fehr Chris Majenz Chris Schaffner Jelle Don CWI and UvA UvA CWI Leiden University Our Result in Short Let S be a S -protocol, FS[ S ] its Fiat-Shamir

422 views • 40 slides
Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model Jelle Don, Serge

Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model Jelle Don, Serge

Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model Jelle Don, Serge Fehr, Christian Majenz and Christian Schaffner QIP 2020 Hilton Shenzhen Shekou Nanhai Hotel, Shenzhen, China Two facts of life Two facts of life

1.38k views • 98 slides
Quantum Position Verification in the random oracle model Dominique Unruh University of Tartu

Quantum Position Verification in the random oracle model Dominique Unruh University of Tartu

Quantum Position Verification in the random oracle model Dominique Unruh University of Tartu Dominique Unruh Position Verification Speed of light Position verified Quantum Position Verification 2 Dominique Unruh A generic protocol

409 views • 21 slides
How$to$Record$Quantum$Queries$ and$Applications$to$Quantum$Indifferentiability Mark%Zhandry

How$to$Record$Quantum$Queries$ and$Applications$to$Quantum$Indifferentiability Mark%Zhandry

How$to$Record$Quantum$Queries$ and$Applications$to$Quantum$Indifferentiability Mark%Zhandry Princeton%University%&%NTT%Research Me This%talk x N xy The$(Classical)$Random$Oracle$Model$(ROM) [Bellare@Rogaway93] hash%

481 views • 37 slides
Spectral Properties of the Quantum Random Energy Model Simone Warzel Zentrum Mathematik, TUM

Spectral Properties of the Quantum Random Energy Model Simone Warzel Zentrum Mathematik, TUM

Spectral Properties of the Quantum Random Energy Model Simone Warzel Zentrum Mathematik, TUM Cargese September 4, 2014 1. The Quantum Random Energy Model Q N := { 1 , 1 } N Hamming cube: configuration space of N spins ( )( )

451 views • 15 slides
By Ben Follett Executive Summary Tesla will most likely be having another net loss in 2016 due

By Ben Follett Executive Summary Tesla will most likely be having another net loss in 2016 due

By Ben Follett Executive Summary Tesla will most likely be having another net loss in 2016 due to global expansion. Tesla probably wont see profits until the Model 3 is in full production. Tesla is in its infant stages of company. All free cash

279 views • 12 slides
Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number generator with non-iid generator at 17 Gbps samples Tobias Gehring et al. Marco Avesani et al. 1 The need for random numbers Alice quantum Rx laser

346 views • 32 slides
In the Random Oracle Model Mohammad Mahmoody, Tal Moran , Salil Vadhan Time-Lock Puzzles

In the Random Oracle Model Mohammad Mahmoody, Tal Moran , Salil Vadhan Time-Lock Puzzles

Time-Lock Puzzles In the Random Oracle Model Mohammad Mahmoody, Tal Moran , Salil Vadhan Time-Lock Puzzles Sending an encrypted message to the future shouldnt be revealed before some future date no safe storage for secrets

318 views • 14 slides
M C Q S T Motivation Configuration space of N spin- 1 Q N = { 1 , 1 } N 2 : Random Energy

M C Q S T Motivation Configuration space of N spin- 1 Q N = { 1 , 1 } N 2 : Random Energy

Phase Transition in the Quantum Random Energy Model Simone Warzel Venice Quantissima in the Serenissima III August 23, 2019 M C Q S T Motivation Configuration space of N spin- 1 Q N = { 1 , 1 } N 2 : Random Energy Model Derrida

327 views • 15 slides
Solving Random Subset Sum Problem by l p -norm SVP Oracle Gengran Hu joint work with Yanbin Pan,

Solving Random Subset Sum Problem by l p -norm SVP Oracle Gengran Hu joint work with Yanbin Pan,

Lattices and SVP Random Subset Sum Problem Solving RSSP by l p -norm SVP Oracle Solving Random Subset Sum Problem by l p -norm SVP Oracle Gengran Hu joint work with Yanbin Pan, Feng Zhang Key Laboratory of Mathematics Mechanization, NCMIS,

700 views • 35 slides
The TESLA Linear Collider Winfried Decking (DESY) for the TESLA Collaboration Outline

The TESLA Linear Collider Winfried Decking (DESY) for the TESLA Collaboration Outline

The TESLA Linear Collider Winfried Decking (DESY) for the TESLA Collaboration Outline Project Overview Highlights 2000/2001 Publication of the TDR Cavity R&D TTF Operation A0 and PITZ TESLA Beam Dynamics

689 views • 41 slides
Convergence in High Probability of the Quantum Diffusion in a Random Band Matrix Model Project

Convergence in High Probability of the Quantum Diffusion in a Random Band Matrix Model Project

Convergence in High Probability of the Quantum Diffusion in a Random Band Matrix Model Project supervised by Prof. Antti Knowles- ETH Z urich Vlad Margarint Dept. of Mathematics, University of Oxford vlad.margarint@maths.ox.ac.uk 11 July

1.01k views • 64 slides
Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs ,

Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs ,

Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs , R Istv an Kov obert Juh asz Cargese, August 25- September 6, 2014 1 Introduction Quantum phase transitions quantum spin

796 views • 28 slides
Quantum Oracle Classification The Case of Group Structure Mark

Quantum Oracle Classification The Case of Group Structure Mark

Quantum Oracle Classification The Case of Group Structure Mark Zhandry Princeton University Query Complexity x O:X Y O(x) Info about O Examples: Pre-image of given

932 views • 58 slides
Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and

Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and

Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and Alexander Russell QCrypt 2020, in Cyberspace Results overview We study the simulation of random quantum objects , i.e. random quantum states

1.08k views • 72 slides
Revisiting the Threshold Random Walk Scan Detector Vagishwari Nagaonkar Dr.John Mchugh Faculty

Revisiting the Threshold Random Walk Scan Detector Vagishwari Nagaonkar Dr.John Mchugh Faculty

Revisiting the Threshold Random Walk Scan Detector Vagishwari Nagaonkar Dr.John Mchugh Faculty of Computer Science Dalhousie University Presented for FLOCON 2008 Introduction Initial Activity in many intrusions Scanning

933 views • 27 slides
Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central

Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central

Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central mathematical puzzle: Show that the scaling limit of some kind of discrete quantum gravity (perhaps decorated by random loops, random trees, etc.) is

704 views • 29 slides
On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model Yannick Seurin ANSSI, France 18 April, EUROCRYPT 2012 Yannick Seurin (ANSSI) Exact Security of Schnorr Signatures EUROCRYPT 2012 1 / 28 Introduction Introduction

1.45k views • 117 slides
Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University

Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University

Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University Warwick 12 January 2012 Joint work with L aszl o Erd os Two standard models of quantum disorder Consider the two random Hamiltonians on

616 views • 23 slides

More recommend